Pass --header enrollment option to fleet-server

[blakerouse]

What does this PR do?

Currently the --header enrollment flag is used when bootstrapping Fleet Server. Those headers should also be used when communicating with Fleet Server that is not being bootstrapped.

Why is it important?

When enrolling to a Fleet Server that is behind a proxy that requires specific headers for communication it is not possible to enroll the Elastic Agent into the Fleet Server.

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• [ ] I have added an integration test or an E2E test (covered well in unit tests)

Disruptive User Impact

None

How to test this PR locally

Setup a Fleet Server behind a proxy that requires a specific header for traffic to flow. Then enroll the elastic-agent with the required header:

./elastic-agent enroll --url http://proxy-url --enrollment-token ${token} --header X-Custom-Header=TEST

Related issues

• Closes --header is not used with communication to Fleet Server #6823

[mergify]

This pull request does not have a backport label. Could you fix it @blakerouse? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label that automatically backports to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[elastic-sonarqube]

Quality Gate failed

Failed conditions
37.5% Coverage on New Code (required ≥ 40%)

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 09f458f

cc @blakerouse

[cmacknz]

Suggested change

	summary: Add --header to enrollment communication with Fleet Server
	summary: Use --header from enrollment when communicating with Fleet Server

The current version doesn't quite read correctly as a sentence to me.

[cmacknz]

If the headers are secrets, is this going to leak them in diagnostics? Are they either already redacted or not included in diagnostics at all?

[cmacknz]

This proves we use a header for /enroll, is this enough to also prove the same header would be included in a checkin?

I see in enroll.go we explicitly add the header to enrollCmdOption so it isn't obvious just by reading it. Regardless, would there be a way to test that?

[kaanyalti]

Changes look good to me. Once the ci is green and Craig's comments are addressed I can approve